[#5] Fix auth for harvest_job_list (should forward to harvest_source_update)

2013-02-05 16:41:29 +00:00 · 2013-02-05 16:41:29 +00:00 · 3c50a40a76
parent 413ef8786c
commit 3c50a40a76
1 changed files with 15 additions and 3 deletions
--- a/ckanext/harvest/logic/auth/get.py
+++ b/ckanext/harvest/logic/auth/get.py
@ -65,11 +65,23 @@ def harvest_job_list(context, data_dict):
    '''
        Authorization check for getting a list of jobs for a source

-        It forwards the checks to harvest_job_show, ie if the user can
-        update the parent source, she can get the list of jobs
+        It forwards the checks to harvest_source_update, ie if the user can
+        update the parent source (eg create new jobs), she can get the list of
+        jobs
    '''
+    user = context.get('user')
    source_id = data_dict['source_id']
-    return harvest_job_show(context, {'id': source_id})
+
+    try:
+        pt.check_access('harvest_source_update',
+                        context,
+                        {'id': source_id})
+        return {'success': True}
+    except pt.NotAuthorized:
+        return {'success': False,
+                'msg': pt._('User {0} not authorized to list jobs for source {1}')
+                .format(user, source_id)}
+


 def harvest_object_show(context, data_dict):